Malware and Hijack this logs

Lah naw

New Member
I have been reading this forum and the tips but still have the problem. Here are the logs you asked for... Thanks for your help.

Malwarebytes' Anti-Malware 1.39
Database version: 2434
Windows 5.1.2600 Service Pack 3

7/15/2009 1:01:46 PM
mbam-log-2009-07-15 (13-01-46).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 207993
Time elapsed: 1 hour(s), 30 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 97

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\twain_32 (Spyware.Zbot) -> Quarantined and deleted successfully.

Files Infected:
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP646\A0104822.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP646\A0104829.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP646\A0104836.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP646\A0105843.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP646\A0105850.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP647\A0105859.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP647\A0105866.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP647\A0105873.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP648\A0105882.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP648\A0106888.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP648\A0107888.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP648\A0107901.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP648\A0107908.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP649\A0107917.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP649\A0108917.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP649\A0108924.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP649\A0108931.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP649\A0110931.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP649\A0110939.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP651\A0110974.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP651\A0111974.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP652\A0112982.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP655\A0113108.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP655\A0113115.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP655\A0113122.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP656\A0113246.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP658\A0113316.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP658\A0113323.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP659\A0114355.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP659\A0113338.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP659\A0114346.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP660\A0114381.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP662\A0114445.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP662\A0114452.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP662\A0114459.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP664\A0114476.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP664\A0114483.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP665\A0114498.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP665\A0114511.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP665\A0114518.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP666\A0114556.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP666\A0114563.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP666\A0114570.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP667\A0114578.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP667\A0114585.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP667\A0114592.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP667\A0114599.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP667\A0114606.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP668\A0114613.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP668\A0114620.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP668\A0114627.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP669\A0114665.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP669\A0114636.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP669\A0114655.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP669\A0114685.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP670\A0114701.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP670\A0114714.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP670\A0114724.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP674\A0115566.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP679\A0116495.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP680\A0116515.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP681\A0116623.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP683\A0116646.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP683\A0116655.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP686\A0116686.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP688\A0116779.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP688\A0116788.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP689\A0116800.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP689\A0116819.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP689\A0116827.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP689\A0116836.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP689\A0116844.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP690\A0116857.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP690\A0116864.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP690\A0116872.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP691\A0116894.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP691\A0116901.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP693\A0116911.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP693\A0118019.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP694\A0118115.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP695\A0118132.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP696\A0118141.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP697\A0118157.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP697\A0118167.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP700\A0118497.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP701\A0121342.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP703\A0124232.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP657\A0113279.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP657\A0113286.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP657\A0113293.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP657\A0113300.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d23eff2a-bfef-46a5-8364-d064e372df2b}\RP657\A0113307.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\1A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\servises(2).dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\servises.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\e.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\twain_32\user.ds (Spyware.Zbot) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.39
Database version: 2441
Windows 5.1.2600 Service Pack 3

7/16/2009 11:29:26 AM
mbam-log-2009-07-16 (11-29-26).txt

Scan type: Quick Scan
Objects scanned: 103387
Time elapsed: 16 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:35 PM, on 7/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 avremover-pro.com
O1 - Hosts: 209.44.111.62 www.avremover-pro.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 9212 bytes


Thanks again
 
Please keep your posts in the same thread if they relate to the same issue, as it gets confusing otherwise. You need to do a few things right now.

1. You are using an old database for Malwarebytes. Please open the program, click on the Update tab and then click on Check for Updates. The newest database is 2490. Now change the option to Full Scan and rescan your computer.

2. Download and run ComboFix. Follow the instructions on how to run it: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

3. When you are done running both programs, please post the logs from Malwarebytes and ComboFix, and please do a fresh HijackThis log.

Also, check your usage for System Restore. Right-click the "My Computer" icon and click on Properties, click on the System Restore tab and check what percentage of drive space you are using for System Restore. I always set mine down to about 5-6 percent. According to your Malwarebytes log you have over 700 restore points. You need to flush the older ones out and give yourself more space on your hard drive.
 
New Logs

ComboFix 09-07-23.02 - Owner 07/23/2009 17:11.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.198 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\recycler\S-1-5-21-1112169797-2549658541-2154297389-1003
c:\recycler\S-1-5-21-3077004819-4235382175-3463800016-1003
c:\recycler\S-1-5-21-421544918-342060353-73823040-1003
c:\windows\Installer\15ce23.msp
c:\windows\Installer\15ce2a.msp
c:\windows\Installer\b27ef.msp
c:\windows\Installer\b27fa.msp
c:\windows\Installer\WMEncoder.msi
c:\windows\jestertb.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000027_.tmp.dll
c:\windows\system32\_000028_.tmp.dll
c:\windows\system32\_000029_.tmp.dll
c:\windows\system32\_id.dat
c:\windows\wiaserviv.log
D:\Autorun.inf

Infected copy of c:\windows\system32\ws2_32.dll was found and disinfected
Restored copy from - c:\system volume information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP703\A0122246.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.

2009-07-13 17:52 . 2009-07-13 17:52 -------- d-----w- c:\program files\Trend Micro
2009-07-13 02:52 . 2009-07-13 02:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 02:52 . 2009-07-13 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-12 18:19 . 2009-07-12 18:19 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-12 18:16 . 2009-07-12 18:16 -------- d-----w- c:\program files\ResetDRM
2009-07-12 18:13 . 2009-07-12 18:13 -------- d-----w- C:\1356690e321206ce955b619d
2009-07-12 18:08 . 2009-07-12 18:10 -------- d-----w- c:\program files\Common Files\eSellerate
2009-07-12 00:02 . 2009-03-06 14:22 284160 -c--a-w- c:\windows\system32\dllcache\pdh(2).dll
2009-07-12 00:02 . 2009-02-09 12:10 401408 -c--a-w- c:\windows\system32\dllcache\rpcss(2).dll
2009-07-12 00:02 . 2009-02-06 10:39 35328 -c--a-w- c:\windows\system32\dllcache\sc(2).exe
2009-07-12 00:02 . 2009-02-06 11:11 110592 -c--a-w- c:\windows\system32\dllcache\services(2).exe
2009-07-12 00:02 . 2009-02-09 12:10 473600 -c--a-w- c:\windows\system32\dllcache\fastprox(2).dll
2009-07-12 00:02 . 2009-02-06 10:10 227840 -c--a-w- c:\windows\system32\dllcache\wmiprvse(2).exe
2009-07-12 00:02 . 2009-02-09 12:10 453120 -c--a-w- c:\windows\system32\dllcache\wmiprvsd(2).dll
2009-07-12 00:02 . 2009-02-09 12:10 729088 -c--a-w- c:\windows\system32\dllcache\lsasrv(2).dll
2009-07-12 00:02 . 2009-02-09 12:10 617472 -c--a-w- c:\windows\system32\dllcache\advapi32(2).dll
2009-07-12 00:02 . 2009-02-09 12:10 714752 -c--a-w- c:\windows\system32\dllcache\ntdll(2).dll
2009-07-10 21:35 . 2009-07-10 21:35 -------- d-----w- c:\documents and settings\Owner\Application Data\FRISK Software
2009-07-10 21:20 . 2009-07-10 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FRISK Software
2009-07-08 14:35 . 2009-07-08 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-07-08 14:33 . 2009-07-08 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-07-08 14:33 . 2009-07-08 14:33 -------- d-----w- c:\program files\Common Files\iS3
2009-06-26 20:57 . 2009-06-26 20:57 146016 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-26 20:55 . 2009-07-12 18:15 -------- d-----w- c:\windows\system32\XPSViewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 00:56 . 2008-09-28 00:12 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire
2009-07-15 19:06 . 2007-12-25 22:48 -------- d-----w- c:\program files\Zune
2009-07-15 16:25 . 2009-01-12 01:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 18:36 . 2009-01-12 01:53 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:36 . 2009-01-12 01:53 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 07:20 . 2009-02-24 18:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-12 18:29 . 2005-12-04 15:55 62568 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-12 18:10 . 2005-09-15 06:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 18:10 . 2008-10-24 21:12 -------- d-----w- c:\program files\New Tier
2009-07-12 18:10 . 2005-09-15 06:20 -------- d-----w- c:\program files\Google
2009-07-12 18:10 . 2005-09-15 06:19 -------- d-----w- c:\program files\BigFix
2009-07-12 18:10 . 2009-01-08 01:15 -------- d-----w- c:\program files\xchat
2009-07-12 17:55 . 2007-12-19 02:25 -------- d-----w- c:\program files\RealArcade
2009-06-16 14:36 . 2005-03-23 16:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-03-23 16:52 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2005-03-23 16:52 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 15:50 . 2005-03-27 06:01 -------- d-----w- c:\program files\Java
2009-06-02 15:48 . 2009-06-02 15:48 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-01 22:23 . 2009-06-01 22:23 -------- d-----w- c:\program files\Western Digital
2009-06-01 22:19 . 2009-06-01 22:19 -------- d-----w- c:\program files\Western Digital Corporation
2009-05-13 05:15 . 2005-03-23 16:53 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2005-03-23 16:52 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2009-04-29 04:56 827392 ----a-w- c:\windows\system32\SET1D.tmp
2009-04-29 04:56 . 2009-04-29 04:56 233472 ----a-w- c:\windows\system32\SET1E.tmp
2009-04-29 04:56 . 2009-04-29 04:56 1159680 ----a-w- c:\windows\system32\SET20.tmp
2009-04-29 04:56 . 2009-04-29 04:56 105984 ----a-w- c:\windows\system32\SET22.tmp
2009-04-29 04:56 . 2009-04-29 04:56 3596288 ----a-w- c:\windows\system32\SET29.tmp
2009-04-29 04:55 . 2009-04-29 04:55 52224 ----a-w- c:\windows\system32\SET2A.tmp
2009-04-29 04:55 . 2009-04-29 04:55 459264 ----a-w- c:\windows\system32\SET2B.tmp
2009-04-29 04:55 . 2009-04-29 04:55 6066176 ----a-w- c:\windows\system32\SET33.tmp
2009-04-29 04:55 . 2009-04-29 04:55 268288 ----a-w- c:\windows\system32\SET31.tmp
2009-04-29 04:55 . 2009-04-29 04:55 63488 ----a-w- c:\windows\system32\SET3E.tmp
2009-04-29 04:55 . 2009-04-29 04:55 383488 ----a-w- c:\windows\system32\SET35.tmp
2009-04-29 04:55 . 2009-04-29 04:55 124928 ----a-w- c:\windows\system32\SET41.tmp
2005-11-27 03:12 . 2005-11-27 03:12 0 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-26 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-26 499712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"SunKist"="c:\program files\Digital Media Reader\shwicon2k.exe" [2004-05-27 139264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-07-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-07-10 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-09-15 98304]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-05-04 491520]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-9-15 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\HidCom.sys [6/25/2007 11:23 PM 21016]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [4/15/2007 7:50 AM 131776]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-23 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 04:35]

2009-07-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-07-23 c:\windows\Tasks\User_Feed_Synchronization-{3C41165C-3798-40E2-8F88-857C8AD2ADAE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKCU-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
HKLM-Run-DXDllRegExe - dxdllreg.exe
HKU-Default-Run-servises - c:\windows\system32\servises.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 17:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(568)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2009-07-23 17:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-23 22:40

Pre-Run: 14,769,577,984 bytes free
Post-Run: 17,273,868,288 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=2 LastKnownGood=3 Sets=1,2,3,4
214 --- E O F --- 2009-07-23 20:19




Malwarebytes' Anti-Malware 1.39
Database version: 2491
Windows 5.1.2600 Service Pack 3

7/23/2009 6:36:02 PM
mbam-log-2009-07-23 (18-36-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 193601
Time elapsed: 50 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:46 PM, on 7/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7903 bytes


Thank you. Still working on the restore thing.
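The ComboFix "ORPHANS REMOVED" list above contains `HKU-Default-Run-servises - c:\windows\system32\servises.exe`, a name one letter away from the legitimate `services.exe`, and both the ComboFix and HijackThis output carry entries whose target is `(no file)`. Below is a small triage script, added here as an example and not part of the thread or of either tool, that runs that kind of check over autostart lines in the shape HijackThis and ComboFix print them. It flags binary names within two edits of a known Windows system binary (while passing exact matches) and flags dangling registry references. The list of known system binaries and the sample log lines are constructed for this example; the list is deliberately short and should be extended for a real environment.

```python
"""Triage autostart lines for masquerading binary names and dangling references.

Input shape follows HijackThis 'O4'/'O2' lines and ComboFix 'Run' orphan lines.
KNOWN_SYSTEM_BINARIES and SAMPLE_LOG are constructed for this example.
"""
import re
from typing import List, Optional, Tuple

# Windows XP system binaries that malware commonly imitates (servises.exe,
# scvhost.exe, isass.exe, ...). Assumption of this example: not exhaustive.
KNOWN_SYSTEM_BINARIES = {
    "services.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "smss.exe", "explorer.exe", "spoolsv.exe", "rundll32.exe", "ctfmon.exe",
    "wscntfy.exe", "userinit.exe", "taskmgr.exe",
}

# Last path component that ends in an executable-style extension.
_EXE_RE = re.compile(r'([^\\/"\s]+\.(?:exe|dll|sys|scr|com|bat))\b', re.IGNORECASE)


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert / delete / substitute) between two strings."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def binary_name(line: str) -> Optional[str]:
    """Return the last executable-looking file name in a log line, lowercased."""
    names = _EXE_RE.findall(line)
    return names[-1].lower() if names else None


def lookalike_of(name: str, max_distance: int = 2) -> Optional[str]:
    """Closest known system binary within max_distance edits.

    Exact matches are legitimate and return None; so do names that are not
    close to anything in the list.
    """
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    best = min(KNOWN_SYSTEM_BINARIES, key=lambda k: levenshtein(name, k))
    return best if levenshtein(name, best) <= max_distance else None


def triage(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (line, reason) for each line that deserves a closer look."""
    findings = []
    for raw in log_lines:
        line = raw.strip()
        if not line:
            continue
        if "(no file)" in line:
            findings.append((line, "dangling reference: registry entry points at a missing file"))
            continue
        name = binary_name(line)
        if name is None:
            continue
        target = lookalike_of(name)
        if target:
            findings.append((line, f"{name} is a near-miss of system binary {target}"))
    return findings


# Constructed sample, modelled on the HijackThis and ComboFix lines in the thread.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\WINDOWS\\system32\\NeroCheck.exe
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
HKU-Default-Run-servises - c:\\windows\\system32\\servises.exe
"""

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason}\n    {entry}")
```

A distance threshold of 2 catches single-letter swaps and transpositions (`servises`, `scvhost`, `isass`) without flagging unrelated vendor binaries such as `NeroCheck.exe` or `qttask.exe`; the exact-match check comes first so that `smss.exe`, which is itself within two edits of `lsass.exe`, is never reported.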